pkgs/build-support/node/fetch-npm-deps/default.nix

   1 { lib, stdenvNoCC, rustPlatform, makeWrapper, pkg-config, curl, gnutar, gzip, testers, fetchurl, cacert, prefetch-npm-deps, fetchNpmDeps }:
   2
   3 {
   4   prefetch-npm-deps = rustPlatform.buildRustPackage {
   5     pname = "prefetch-npm-deps";
   6     version = (lib.importTOML ./Cargo.toml).package.version;
   7
   8     src = lib.cleanSourceWith {
   9       src = ./.;
  10       filter = name: type:
  11         let
  12           name' = builtins.baseNameOf name;
  13         in
  14         name' != "default.nix" && name' != "target";
  15     };
  16
  17     cargoLock.lockFile = ./Cargo.lock;
  18
  19     nativeBuildInputs = [ makeWrapper pkg-config ];
  20     buildInputs = [ curl ];
  21
  22     postInstall = ''
  23       wrapProgram "$out/bin/prefetch-npm-deps" --prefix PATH : ${lib.makeBinPath [ gnutar gzip ]}
  24     '';
  25
  26     passthru.tests =
  27       let
  28         makeTestSrc = { name, src }: stdenvNoCC.mkDerivation {
  29           name = "${name}-src";
  30
  31           inherit src;
  32
  33           buildCommand = ''
  34             mkdir -p $out
  35             cp $src $out/package-lock.json
  36           '';
  37         };
  38
  39         makeTest = { name, src, hash, forceGitDeps ? false, forceEmptyCache ? false }: testers.invalidateFetcherByDrvHash fetchNpmDeps {
  40           inherit name hash forceGitDeps forceEmptyCache;
  41
  42           src = makeTestSrc { inherit name src; };
  43         };
  44       in
  45       {
  46         lockfileV1 = makeTest {
  47           name = "lockfile-v1";
  48
  49           src = fetchurl {
  50             url = "https://raw.githubusercontent.com/jellyfin/jellyfin-web/v10.8.4/package-lock.json";
  51             hash = "sha256-uQmc+S+V1co1Rfc4d82PpeXjmd1UqdsG492ADQFcZGA=";
  52           };
  53
  54           hash = "sha256-wca1QvxUw3OrLStfYN9Co6oVBR1LbfcNUKlDqvObps4=";
  55         };
  56
  57         lockfileV2 = makeTest {
  58           name = "lockfile-v2";
  59
  60           src = fetchurl {
  61             url = "https://raw.githubusercontent.com/jesec/flood/v4.7.0/package-lock.json";
  62             hash = "sha256-qS29tq5QPnGxV+PU40VgMAtdwVLtLyyhG2z9GMeYtC4=";
  63           };
  64
  65           hash = "sha256-tuEfyePwlOy2/mOPdXbqJskO6IowvAP4DWg8xSZwbJw=";
  66         };
  67
  68         hashPrecedence = makeTest {
  69           name = "hash-precedence";
  70
  71           src = fetchurl {
  72             url = "https://raw.githubusercontent.com/matrix-org/matrix-appservice-irc/0.34.0/package-lock.json";
  73             hash = "sha256-1+0AQw9EmbHiMPA/H8OP8XenhrkhLRYBRhmd1cNPFjk=";
  74           };
  75
  76           hash = "sha256-oItUls7AXcCECuyA+crQO6B0kv4toIr8pBubNwB7kAM=";
  77         };
  78
  79         hostedGitDeps = makeTest {
  80           name = "hosted-git-deps";
  81
  82           src = fetchurl {
  83             url = "https://cyberchaos.dev/yuka/trainsearch/-/raw/e3cba6427e8ecfd843d0f697251ddaf5e53c2327/package-lock.json";
  84             hash = "sha256-X9mCwPqV5yP0S2GonNvpYnLSLJMd/SUIked+hMRxDpA=";
  85           };
  86
  87           hash = "sha256-tEdElWJ+KBTxBobzXBpPopQSwK2usGW/it1+yfbVzBw=";
  88         };
  89
  90         linkDependencies = makeTest {
  91           name = "link-dependencies";
  92
  93           src = fetchurl {
  94             url = "https://raw.githubusercontent.com/evcc-io/evcc/0.106.3/package-lock.json";
  95             hash = "sha256-6ZTBMyuyPP/63gpQugggHhKVup6OB4hZ2rmSvPJ0yEs=";
  96           };
  97
  98           hash = "sha256-VzQhArHoznYSXUT7l9HkJV4yoSOmoP8eYTLel1QwmB4=";
  99         };
 100
 101         # This package has no resolved deps whatsoever, which will not actually work but does test the forceEmptyCache option.
 102         emptyCache = makeTest {
 103           name = "empty-cache";
 104
 105           src = fetchurl {
 106             url = "https://raw.githubusercontent.com/bufbuild/protobuf-es/v1.2.1/package-lock.json";
 107             hash = "sha256-UdBUEb4YRHsbvyjymIyjemJEiaI9KQRirqt+SFSK0wA=";
 108           };
 109
 110           hash = "sha256-Cdv40lQjRszzJtJydZt25uYfcJVeJGwH54A+agdH9wI=";
 111
 112           forceEmptyCache = true;
 113         };
 114
 115         # This package contains both hosted Git shorthand, and a bundled dependency that happens to override an existing one.
 116         etherpadLite1818 = makeTest {
 117           name = "etherpad-lite-1.8.18";
 118
 119           src = fetchurl {
 120             url = "https://raw.githubusercontent.com/ether/etherpad-lite/1.8.18/src/package-lock.json";
 121             hash = "sha256-1fGNxYJi1I4cXK/jinNG+Y6tPEOhP3QAqWOBEQttS9E=";
 122           };
 123
 124           hash = "sha256-+KA8/orSBJ4EhuSyQO8IKSxsN/FAsYU3lOzq+awuxNQ=";
 125
 126           forceGitDeps = true;
 127         };
 128
 129         # This package has a lockfile v1 git dependency with no `dependencies` attribute, since it sementically has no dependencies.
 130         jitsiMeet9111 = makeTest {
 131           name = "jitsi-meet-9111";
 132
 133           src = fetchurl {
 134             url = "https://raw.githubusercontent.com/jitsi/jitsi-meet/stable/jitsi-meet_9111/package-lock.json";
 135             hash = "sha256-NU+eQD4WZ4BMur8uX79uk8wUPsZvIT02KhPWHTmaihk=";
 136           };
 137
 138           hash = "sha256-FhxlJ0HdJMPiWe7+n1HaGLWOr/2HJEPwiS65uqXZM8Y=";
 139         };
 140       };
 141
 142     meta = with lib; {
 143       description = "Prefetch dependencies from npm (for use with `fetchNpmDeps`)";
 144       mainProgram = "prefetch-npm-deps";
 145       maintainers = with maintainers; [ winter ];
 146       license = licenses.mit;
 147     };
 148   };
 149
 150   fetchNpmDeps =
 151     { name ? "npm-deps"
 152     , hash ? ""
 153     , forceGitDeps ? false
 154     , forceEmptyCache ? false
 155     , ...
 156     } @ args:
 157     let
 158       hash_ =
 159         if hash != "" then {
 160           outputHash = hash;
 161         } else {
 162           outputHash = "";
 163           outputHashAlgo = "sha256";
 164         };
 165
 166       forceGitDeps_ = lib.optionalAttrs forceGitDeps { FORCE_GIT_DEPS = true; };
 167       forceEmptyCache_ = lib.optionalAttrs forceEmptyCache { FORCE_EMPTY_CACHE = true; };
 168     in
 169     stdenvNoCC.mkDerivation (args // {
 170       inherit name;
 171
 172       nativeBuildInputs = [ prefetch-npm-deps ];
 173
 174       buildPhase = ''
 175         runHook preBuild
 176
 177         if [[ ! -e package-lock.json ]]; then
 178           echo
 179           echo "ERROR: The package-lock.json file does not exist!"
 180           echo
 181           echo "package-lock.json is required to make sure that npmDepsHash doesn't change"
 182           echo "when packages are updated on npm."
 183           echo
 184           echo "Hint: You can copy a vendored package-lock.json file via postPatch."
 185           echo
 186
 187           exit 1
 188         fi
 189
 190         prefetch-npm-deps package-lock.json $out
 191
 192         runHook postBuild
 193       '';
 194
 195       dontInstall = true;
 196
 197       # NIX_NPM_TOKENS environment variable should be a JSON mapping in the shape of:
 198       # `{ "registry.example.com": "example-registry-bearer-token", ... }`
 199       impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ "NIX_NPM_TOKENS" ];
 200
 201       SSL_CERT_FILE = if (hash_.outputHash == "" || hash_.outputHash == lib.fakeSha256 || hash_.outputHash == lib.fakeSha512 || hash_.outputHash == lib.fakeHash)
 202         then "${cacert}/etc/ssl/certs/ca-bundle.crt"
 203         else "/no-cert-file.crt";
 204
 205       outputHashMode = "recursive";
 206     } // hash_ // forceGitDeps_ // forceEmptyCache_);
 207 }